{"id":"MAL-2025-190870","summary":"Malicious code in @mparpaillon/connector-parse (npm)","details":"\n---\n_-= Per source details. Do not edit below this line.=-_\n\n## Source: amazon-inspector (ffec89e4bd3b2d309b636261098474ed4816b5b9bd40872855c24c082de3666c)\nThe package @mparpaillon/connector-parse was found to contain malicious code.\n","modified":"2025-12-23T15:48:20.787227Z","published":"2025-11-24T16:31:47Z","database_specific":{"malicious-packages-origins":[{"versions":["1.0.1"],"source":"amazon-inspector","import_time":"2025-11-24T16:39:48.395065381Z","modified_time":"2025-11-24T16:31:47Z","sha256":"ffec89e4bd3b2d309b636261098474ed4816b5b9bd40872855c24c082de3666c"},{"versions":["1.0.1"],"source":"reversing-labs","import_time":"2025-12-23T15:07:38.01708208Z","modified_time":"2025-12-23T07:48:47Z","id":"RLMA-2025-06027","sha256":"fd0b144ccf46c26b573ad6529c660984a3c361d857bd2f3c0866845d1304443f"}]},"references":[{"type":"ARTICLE","url":"https://www.mend.io/blog/shai-hulud-the-second-coming"},{"type":"WEB","url":"https://checkmarx.com/zero-post/shai-huluds-second-coming-npm-malware-attack-evolved"},{"type":"WEB","url":"https://www.aikido.dev/blog/shai-hulud-strikes-again-hitting-zapier-ensdomains"},{"type":"WEB","url":"https://www.veracode.com/blog/return-of-the-shai-hulud-worm"},{"type":"ARTICLE","url":"https://www.reversinglabs.com/blog/another-shai-hulud-npm-worm-is-spreading-heres-what-you-need-to-know"}],"affected":[{"package":{"name":"@mparpaillon/connector-parse","ecosystem":"npm","purl":"pkg:npm/%40mparpaillon/connector-parse"},"versions":["1.0.1"],"database_specific":{"source":"https://github.com/ossf/malicious-packages/blob/main/osv/malicious/npm/@mparpaillon/connector-parse/MAL-2025-190870.json"}}],"schema_version":"1.7.3","credits":[{"name":"Amazon Inspector","contact":["actran@amazon.com"],"type":"FINDER"},{"name":"ReversingLabs","contact":["https://www.reversinglabs.com"],"type":"FINDER"}]}